Experimental background: since the installation of k8s requires the use of an agent to use the official source, it is necessary to configure an agent in CentOS7 for scientific Internet access
Install the Shadowsocks client
- Install epel source and pip package management
sudo yum -y install epel-release
sudo yum -y install python-pip
- Install the Shadowsocks client
sudo pip install shadowsocks
Configure Shadowsocks connection
- New profile, default does not exist
sudo mkdir /etc/shadowsocks
sudo vi /etc/shadowsocks/shadowsocks.json
- Add configuration information: if the address and port of ss server are required
{
"server":"x.x.x.x", # Shadowsocks server address
"server_port":1035, # Shadowsocks server port
"local_address": "127.0.0.1", # Local IP
"local_port":1080, # Local port
"password":"password", # Shadowsocks connection password
"timeout":300, # Wait timeout
"method":"aes-256-cfb", # Encryption method
"fast_open": false, # true or false. Turn on fast open to reduce latency, but require the Linux kernel to be in 3.7+
"workers": 1 #Number of worker threads
}
- Configure self start
Create a new startup script file, / etc / SYSTEMd / system / shadowlocks.service, as follows:
[Unit]
Description=Shadowsocks
[Service]
TimeoutStartSec=0
ExecStart=/usr/bin/sslocal -c /etc/shadowsocks/shadowsocks.json
[Install]
WantedBy=multi-user.target
- Start the Shadowsocks service
systemctl enable shadowsocks.service
systemctl start shadowsocks.service
systemctl status shadowsocks.service
- Verify that the Shadowsocks client service is running properly
curl --socks5 127.0.0.1:1080 http://httpbin.org/ip
- If the Shadowsock client service is running normally, the result is as follows:
{
"origin": "x.x.x.x" #Your Shadowsock server IP
}
Install configuration privoxy
- Install privoxy
yum install privoxy -y
systemctl enable privoxy
systemctl start privoxy
systemctl status privoxy
- Configure privoxy
Modify the configuration file / etc/privoxy/config
listen-address 127.0.0.1:8118 # 8118 is the default port, do not change
forward-socks5t / 127.0.0.1:1080 . #Forward to local port, note the last point
- Set http and https proxy
# vi /etc/profile add the following information at the end
PROXY_HOST=127.0.0.1
export all_proxy=http://$PROXY_HOST:8118
export ftp_proxy=http://$PROXY_HOST:8118
export http_proxy=http://$PROXY_HOST:8118
export https_proxy=http://$PROXY_HOST:8118
export no_proxy=localhost,172.16.0.0/16,192.168.0.0/16.,127.0.0.1,10.10.0.0/16
# Overloading environment variables
source /etc/profile
- Test agent
[root@aniu-k8s ~]# curl -I www.google.com
HTTP/1.1 200 OK
Date: Fri, 26 Jan 2018 05:32:37 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2018-01-26-05; expires=Sun, 25-Feb-2018 05:32:37 GMT; path=/; domain=.google.com
Set-Cookie: NID=122=PIiGck3gwvrrJSaiwkSKJ5UrfO4WtAO80T4yipOx4R4O0zcgOEdvsKRePWN1DFM66g8PPF4aouhY4JIs7tENdRm7H9hkq5xm4y1yNJ-sZzwVJCLY_OK37sfI5LnSBtb7; expires=Sat, 28-Jul-2018 05:32:37 GMT; path=/; domain=.google.com; HttpOnly
Transfer-Encoding: chunked
Accept-Ranges: none
Vary: Accept-Encoding
Proxy-Connection: keep-alive
- Cancel use of agent
while read var; do unset $var; done < <(env | grep -i proxy | awk -F= '{print $1}')